Hackers can try to visit some special URL to download the backup file of some TP-Link’s ADSL modem routers, and this operation doesn’t need any authorization. After hackers have got the backup file, they can upload these backup files to some special website to obtain the administrative password of the TP-Link modem routers. At last, the hackers can use the administrative password to remotely control these TP-Link modem routers.

Here is the statement of this security problem:

Now we have already confirmed this security problem, and we have also confirmed it that this security problem can only be exploited when you have enabled the remotely access function on your TP-Link modem routers. Actually all TP-Link modem routers’ latest universal firmware had disabled remotely access function by default.So you can firstly check whether your modem router’s firmware is the latest. You can click the following link to download the latest firmware of TP-Link ADSL modem routers http://www.tp-link.com/en/support/download/?pcid=203 .

If your modem router’s firmware is already the latest, then you don’t need to worry about this security problem as long as you haven’t manually enabled remotely access function on your modem routers.

If you insist on using remotely access function on your modem routers, then this security problem does exist and can be exploited by hackers.

So we have decided to release the new official firmware of all related products which will solve this problem as soon as possible. By then, you can use remotely access function freely.

By default, the configurations should be just like the following picture shows (the parameter value of Interface is LAN). You just need to make sure your modem router’s configurations are exactly the same.

After these steps, your modem router’s remotely access function will be disabled. In this way, all hackers can’t download your modem router’s backup file without any authorization, and your modem router will be secure and safe.